Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post.

“We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” said Navin Shenoy, EVP and general manager of Intel’s data center group.

Last week, Shenoy wrote that the firmware was causing an uptick in reboots on updated systems with older Broadwell and Haswell chips. In his latest post, Shenoy said that “similar behavior” is occurring with products running Intel’s newest chips, Skylake and Kaby Lake. Ivy Bridge and Sandy Bridge CPUs are also experiencing the issue.

“We have reproduced these issues internally and are making progress toward identifying the root cause,” Shenoy wrote. “In parallel, we will be providing beta microcode to vendors for validation by next week.”

While no successful exploits of the vulnerabilities have yet been reported, they are considered particularly pernicious, given that the vast majority of computers today are affected. An attacker could use the vulnerabilities to hack into one program and then steal data, such as passwords or other confidential information, stored in other programs.

Intel ran tests using two-socket Skylake servers and found that the performance hits vary depending on the type of workload and configuration, Shenoy wrote: “Generally speaking, the workloads that incorporate a larger number of user/kernel privilege changes and spend a significant amount of time in privileged mode will be more adversely impacted.”

Common workloads for enterprise and cloud customers could see an impact of up to 2 percent. An OLTP (online transaction processing) benchmark that simulates a brokerage firm’s interactions with customers and stock exchanges experienced a 4 percent hit.

Intel also tested storage benchmarks, finding a performance hit of up to 25 percent, depending on the scenario.

The difficulties Intel is facing with the firmware updates aren’t unexpected. A number of security experts recently told Threatpost that mitigating the vulnerabilities will be a moving target. Between the two, Spectre is more difficult to exploit, but also harder to patch, they said.

Comments (2)

Bullshit. Asus updated my BIOS and chipset on the 4th, and I got a huge INCREASE in performance.

And I’d assume most people running Broadwell or Haswell chips are on boards over 2 years old, that aren’t getting patched anyways…. Gigabyte for sure is never going to patch them. They never patched the ME problem last year…

If anyone is seeing performance slowdown, maybe it’s people running virtual machines since those take special processor features. And I also imagine the main target of these attacks.

How could eliminating branch prediction and speculative execution make your processor faster? Maybe other updates you installed at the same time improved your performance enough that you didn’t even notice the hit to your CPU?